
<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" lang="zh_CN">
  <head>
    <meta charset="utf-8" />
    <title>crypt --- Function to check Unix passwords &#8212; Python 3.7.8 文档</title>
    <link rel="stylesheet" href="../_static/pydoctheme.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>
    <script type="text/javascript" src="../_static/translations.js"></script>
    
    <script type="text/javascript" src="../_static/sidebar.js"></script>
    
    <link rel="search" type="application/opensearchdescription+xml"
          title="在 Python 3.7.8 文档 中搜索"
          href="../_static/opensearch.xml"/>
    <link rel="author" title="关于这些文档" href="../about.html" />
    <link rel="index" title="索引" href="../genindex.html" />
    <link rel="search" title="搜索" href="../search.html" />
    <link rel="copyright" title="版权所有" href="../copyright.html" />
    <link rel="next" title="termios --- POSIX 风格的 tty 控制" href="termios.html" />
    <link rel="prev" title="grp --- 组数据库" href="grp.html" />
    <link rel="shortcut icon" type="image/png" href="../_static/py.png" />
    <link rel="canonical" href="https://docs.python.org/3/library/crypt.html" />
    
    <script type="text/javascript" src="../_static/copybutton.js"></script>
    
    
    
    
    <style>
      @media only screen {
        table.full-width-table {
            width: 100%;
        }
      }
    </style>
 

  </head><body>
  
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>导航</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../genindex.html" title="总目录"
             accesskey="I">索引</a></li>
        <li class="right" >
          <a href="../py-modindex.html" title="Python 模块索引"
             >模块</a> |</li>
        <li class="right" >
          <a href="termios.html" title="termios --- POSIX 风格的 tty 控制"
             accesskey="N">下一页</a> |</li>
        <li class="right" >
          <a href="grp.html" title="grp --- 组数据库"
             accesskey="P">上一页</a> |</li>
        <li><img src="../_static/py.png" alt=""
                 style="vertical-align: middle; margin-top: -1px"/></li>
        <li><a href="https://www.python.org/">Python</a> &#187;</li>
        <li>
          <a href="../index.html">3.7.8 Documentation</a> &#187;
        </li>

          <li class="nav-item nav-item-1"><a href="index.html" >Python 标准库</a> &#187;</li>
          <li class="nav-item nav-item-2"><a href="unix.html" accesskey="U">Unix 专有服务</a> &#187;</li>
    <li class="right">
        

    <div class="inline-search" style="display: none" role="search">
        <form class="inline-search" action="../search.html" method="get">
          <input placeholder="快速搜索" type="text" name="q" />
          <input type="submit" value="转向" />
          <input type="hidden" name="check_keywords" value="yes" />
          <input type="hidden" name="area" value="default" />
        </form>
    </div>
    <script type="text/javascript">$('.inline-search').show(0);</script>
         |
    </li>

      </ul>
    </div>    

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
            
  <div class="section" id="module-crypt">
<span id="crypt-function-to-check-unix-passwords"></span><h1><a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> --- Function to check Unix passwords<a class="headerlink" href="#module-crypt" title="永久链接至标题">¶</a></h1>
<p><strong>Source code:</strong> <a class="reference external" href="https://github.com/python/cpython/tree/3.7/Lib/crypt.py">Lib/crypt.py</a></p>
<hr class="docutils" id="index-0" />
<p>This module implements an interface to the <em class="manpage">crypt(3)</em> routine, which is
a one-way hash function based upon a modified DES algorithm; see the Unix man
page for further details.  Possible uses include storing hashed passwords
so you can check passwords without storing the actual password, or attempting
to crack Unix passwords with a dictionary.</p>
<p id="index-1">Notice that the behavior of this module depends on the actual implementation  of
the <em class="manpage">crypt(3)</em> routine in the running system.  Therefore, any
extensions available on the current implementation will also  be available on
this module.</p>
<div class="section" id="hashing-methods">
<h2>Hashing Methods<a class="headerlink" href="#hashing-methods" title="永久链接至标题">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified added">3.3 新版功能.</span></p>
</div>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> module defines the list of hashing methods (not all methods
are available on all platforms):</p>
<dl class="data">
<dt id="crypt.METHOD_SHA512">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">METHOD_SHA512</code><a class="headerlink" href="#crypt.METHOD_SHA512" title="永久链接至目标">¶</a></dt>
<dd><p>A Modular Crypt Format method with 16 character salt and 86 character
hash based on the SHA-512 hash function.  This is the strongest method.</p>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_SHA256">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">METHOD_SHA256</code><a class="headerlink" href="#crypt.METHOD_SHA256" title="永久链接至目标">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 16 character salt and 43
character hash based on the SHA-256 hash function.</p>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_BLOWFISH">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">METHOD_BLOWFISH</code><a class="headerlink" href="#crypt.METHOD_BLOWFISH" title="永久链接至目标">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 22 character salt and 31
character hash based on the Blowfish cipher.</p>
<div class="versionadded">
<p><span class="versionmodified added">3.7 新版功能.</span></p>
</div>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_MD5">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">METHOD_MD5</code><a class="headerlink" href="#crypt.METHOD_MD5" title="永久链接至目标">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 8 character salt and 22
character hash based on the MD5 hash function.</p>
</dd></dl>

<dl class="data">
<dt id="crypt.METHOD_CRYPT">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">METHOD_CRYPT</code><a class="headerlink" href="#crypt.METHOD_CRYPT" title="永久链接至目标">¶</a></dt>
<dd><p>The traditional method with a 2 character salt and 13 characters of
hash.  This is the weakest method.</p>
</dd></dl>

</div>
<div class="section" id="module-attributes">
<h2>Module Attributes<a class="headerlink" href="#module-attributes" title="永久链接至标题">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified added">3.3 新版功能.</span></p>
</div>
<dl class="attribute">
<dt id="crypt.methods">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">methods</code><a class="headerlink" href="#crypt.methods" title="永久链接至目标">¶</a></dt>
<dd><p>A list of available password hashing algorithms, as
<code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> objects.  This list is sorted from strongest to
weakest.</p>
</dd></dl>

</div>
<div class="section" id="module-functions">
<h2>模块函数<a class="headerlink" href="#module-functions" title="永久链接至标题">¶</a></h2>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> module defines the following functions:</p>
<dl class="function">
<dt id="crypt.crypt">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">crypt</code><span class="sig-paren">(</span><em class="sig-param">word</em>, <em class="sig-param">salt=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.crypt" title="永久链接至目标">¶</a></dt>
<dd><p><em>word</em> will usually be a user's password as typed at a prompt or  in a graphical
interface.  The optional <em>salt</em> is either a string as returned from
<a class="reference internal" href="#crypt.mksalt" title="crypt.mksalt"><code class="xref py py-func docutils literal notranslate"><span class="pre">mksalt()</span></code></a>, one of the <code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> values (though not all
may be available on all platforms), or a full encrypted password
including salt, as returned by this function.  If <em>salt</em> is not
provided, the strongest method will be used (as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal notranslate"><span class="pre">methods()</span></code></a>).</p>
<p>Checking a password is usually done by passing the plain-text password
as <em>word</em> and the full results of a previous <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal notranslate"><span class="pre">crypt()</span></code></a> call,
which should be the same as the results of this call.</p>
<p><em>salt</em> (either a random 2 or 16 character string, possibly prefixed with
<code class="docutils literal notranslate"><span class="pre">$digit$</span></code> to indicate the method) which will be used to perturb the
encryption algorithm.  The characters in <em>salt</em> must be in the set
<code class="docutils literal notranslate"><span class="pre">[./a-zA-Z0-9]</span></code>, with the exception of Modular Crypt Format which
prefixes a <code class="docutils literal notranslate"><span class="pre">$digit$</span></code>.</p>
<p>Returns the hashed password as a string, which will be composed of
characters from the same alphabet as the salt.</p>
<p id="index-2">Since a few <em class="manpage">crypt(3)</em> extensions allow different values, with
different sizes in the <em>salt</em>, it is recommended to use  the full crypted
password as salt when checking for a password.</p>
<div class="versionchanged">
<p><span class="versionmodified changed">在 3.3 版更改: </span>Accept <code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> values in addition to strings for <em>salt</em>.</p>
</div>
</dd></dl>

<dl class="function">
<dt id="crypt.mksalt">
<code class="sig-prename descclassname">crypt.</code><code class="sig-name descname">mksalt</code><span class="sig-paren">(</span><em class="sig-param">method=None</em>, <em class="sig-param">*</em>, <em class="sig-param">rounds=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.mksalt" title="永久链接至目标">¶</a></dt>
<dd><p>Return a randomly generated salt of the specified method.  If no
<em>method</em> is given, the strongest method available as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal notranslate"><span class="pre">methods()</span></code></a> is used.</p>
<p>The return value is a string suitable for passing as the <em>salt</em> argument
to <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal notranslate"><span class="pre">crypt()</span></code></a>.</p>
<p><em>rounds</em> specifies the number of rounds for <code class="docutils literal notranslate"><span class="pre">METHOD_SHA256</span></code>,
<code class="docutils literal notranslate"><span class="pre">METHOD_SHA512</span></code> and <code class="docutils literal notranslate"><span class="pre">METHOD_BLOWFISH</span></code>.
For <code class="docutils literal notranslate"><span class="pre">METHOD_SHA256</span></code> and <code class="docutils literal notranslate"><span class="pre">METHOD_SHA512</span></code> it must be an integer between
<code class="docutils literal notranslate"><span class="pre">1000</span></code> and <code class="docutils literal notranslate"><span class="pre">999_999_999</span></code>, the default is <code class="docutils literal notranslate"><span class="pre">5000</span></code>.  For
<code class="docutils literal notranslate"><span class="pre">METHOD_BLOWFISH</span></code> it must be a power of two between <code class="docutils literal notranslate"><span class="pre">16</span></code> (2<sup>4</sup>)
and <code class="docutils literal notranslate"><span class="pre">2_147_483_648</span></code> (2<sup>31</sup>), the default is <code class="docutils literal notranslate"><span class="pre">4096</span></code>
(2<sup>12</sup>).</p>
<div class="versionadded">
<p><span class="versionmodified added">3.3 新版功能.</span></p>
</div>
<div class="versionchanged">
<p><span class="versionmodified changed">在 3.7 版更改: </span>Added the <em>rounds</em> parameter.</p>
</div>
</dd></dl>

</div>
<div class="section" id="examples">
<h2>例子<a class="headerlink" href="#examples" title="永久链接至标题">¶</a></h2>
<p>A simple example illustrating typical use (a constant-time comparison
operation is needed to limit exposure to timing attacks.
<a class="reference internal" href="hmac.html#hmac.compare_digest" title="hmac.compare_digest"><code class="xref py py-func docutils literal notranslate"><span class="pre">hmac.compare_digest()</span></code></a> is suitable for this purpose):</p>
<div class="highlight-python3 notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">pwd</span>
<span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="kn">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>

<span class="k">def</span> <span class="nf">login</span><span class="p">():</span>
    <span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">&#39;Python login: &#39;</span><span class="p">)</span>
    <span class="n">cryptedpasswd</span> <span class="o">=</span> <span class="n">pwd</span><span class="o">.</span><span class="n">getpwnam</span><span class="p">(</span><span class="n">username</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
    <span class="k">if</span> <span class="n">cryptedpasswd</span><span class="p">:</span>
        <span class="k">if</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">&#39;x&#39;</span> <span class="ow">or</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">&#39;*&#39;</span><span class="p">:</span>
            <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s1">&#39;no support for shadow passwords&#39;</span><span class="p">)</span>
        <span class="n">cleartext</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">()</span>
        <span class="k">return</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">cleartext</span><span class="p">,</span> <span class="n">cryptedpasswd</span><span class="p">),</span> <span class="n">cryptedpasswd</span><span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="k">return</span> <span class="kc">True</span>
</pre></div>
</div>
<p>To generate a hash of a password using the strongest available method and
check it against the original:</p>
<div class="highlight-python3 notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="kn">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>

<span class="n">hashed</span> <span class="o">=</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)):</span>
    <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">&quot;hashed version doesn&#39;t validate against original&quot;</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../contents.html">目录</a></h3>
  <ul>
<li><a class="reference internal" href="#"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code> --- Function to check Unix passwords</a><ul>
<li><a class="reference internal" href="#hashing-methods">Hashing Methods</a></li>
<li><a class="reference internal" href="#module-attributes">Module Attributes</a></li>
<li><a class="reference internal" href="#module-functions">模块函数</a></li>
<li><a class="reference internal" href="#examples">例子</a></li>
</ul>
</li>
</ul>

  <h4>上一个主题</h4>
  <p class="topless"><a href="grp.html"
                        title="上一章"><code class="xref py py-mod docutils literal notranslate"><span class="pre">grp</span></code> --- 组数据库</a></p>
  <h4>下一个主题</h4>
  <p class="topless"><a href="termios.html"
                        title="下一章"><code class="xref py py-mod docutils literal notranslate"><span class="pre">termios</span></code> --- POSIX 风格的 tty 控制</a></p>
  <div role="note" aria-label="source link">
    <h3>本页</h3>
    <ul class="this-page-menu">
      <li><a href="../bugs.html">提交 Bug</a></li>
      <li>
        <a href="https://github.com/python/cpython/blob/3.7/Doc/library/crypt.rst"
            rel="nofollow">显示源代码
        </a>
      </li>
    </ul>
  </div>
        </div>
      </div>
      <div class="clearer"></div>
    </div>  
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>导航</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../genindex.html" title="总目录"
             >索引</a></li>
        <li class="right" >
          <a href="../py-modindex.html" title="Python 模块索引"
             >模块</a> |</li>
        <li class="right" >
          <a href="termios.html" title="termios --- POSIX 风格的 tty 控制"
             >下一页</a> |</li>
        <li class="right" >
          <a href="grp.html" title="grp --- 组数据库"
             >上一页</a> |</li>
        <li><img src="../_static/py.png" alt=""
                 style="vertical-align: middle; margin-top: -1px"/></li>
        <li><a href="https://www.python.org/">Python</a> &#187;</li>
        <li>
          <a href="../index.html">3.7.8 Documentation</a> &#187;
        </li>

          <li class="nav-item nav-item-1"><a href="index.html" >Python 标准库</a> &#187;</li>
          <li class="nav-item nav-item-2"><a href="unix.html" >Unix 专有服务</a> &#187;</li>
    <li class="right">
        

    <div class="inline-search" style="display: none" role="search">
        <form class="inline-search" action="../search.html" method="get">
          <input placeholder="快速搜索" type="text" name="q" />
          <input type="submit" value="转向" />
          <input type="hidden" name="check_keywords" value="yes" />
          <input type="hidden" name="area" value="default" />
        </form>
    </div>
    <script type="text/javascript">$('.inline-search').show(0);</script>
         |
    </li>

      </ul>
    </div>  
    <div class="footer">
    &copy; <a href="../copyright.html">版权所有</a> 2001-2020, Python Software Foundation.
    <br />
    Python 软件基金会是一个非盈利组织。
    <a href="https://www.python.org/psf/donations/">请捐助。</a>
    <br />
    最后更新于 6月 29, 2020.
    <a href="../bugs.html">发现了问题</a>？
    <br />
    使用<a href="http://sphinx.pocoo.org/">Sphinx</a>2.3.1 创建。
    </div>

  </body>
</html>